Further Reading

The Federal Communications Commission said it will investigate the “illicit and unauthorized use” of cell phone tracking and interception devices, commonly known as IMSI catchers or stingrays.

A newly published letter from FCC Chairman Tom Wheeler to Rep. Alan Grayson (D-FL) states that Wheeler has created a task force that recently took “immediate steps to combat the illicit and unauthorized use of IMSI catchers. The mission of this task force is to develop concrete solutions to protect the cellular networks systemically from similar unlawful intrusions and interceptions.”

Relatively little is known about how stingrays are used by law enforcement agencies nationwide, although documents have surfaced showing how they have been purchased and used in some limited instances. Worse still, cops have lied to courts about the use of such technology. Not only can stingrays be used to determine location, but they can also intercept calls and text messages. Grayson seems primarily concerned with stingray use by criminals, terrorists, and foreign government agents.

Grayson’s office did not immediately respond to further requests for comment.

The FCC didn't have much to add, either.

"I don’t have a lot to give you right now," Bartees Cox, an FCC spokesman, told Ars. "As the announcement was made only yesterday, but the task force will draw on expertise from across the agency."

“I am disturbed”

Grayson appears to have only been made aware of stingrays recently. The congressman does not seem to know that the best-known manufacturer of stingrays, the Harris Corporation, is based in Melbourne, Florida—just 70 miles from the congressional district that he represents.

Last years, Ars reported on leaked documents showing the existence of a body-worn stingray. In 2010, Kristin Paget famously demonstrated a homemade device built for just $1,500.

“Americans have a reasonable expectation of privacy in their communications and in information about where they go and with whom they communicate,” Grayson wrote to Wheeler on July 2, 2014. “It is extremely troubling to learn that cellular communications are so poorly secured and that it is so easy to intercept calls and track people’s phones.

“I am disturbed by reports which suggest that the FCC has long known about the vulnerabilities in our cellular communications networks exploited by IMSI catchers and other surveillance technologies. According to the Associated Press, the FCC licenses to American companies that manufacture such interception technology.”

Foxes guarding the henhouse

Further Reading

Christopher Soghoian, a technologist with the American Civil Liberties Union and one of the nation's experts on stingrays, told Ars that he applauded the FCC task force.

However, he also pointed out on Twitter that the FCC partially denied a Freedom of Information Act request filed by the ACLU to learn more about prior FCC discussion and actions pertaining to stingrays.

"They're still suppressing public discussion and debate about these issues and that combination is troubling because what it shows is that the FCC and many other parts of our government still consider it to be a secret technology even though graduate students and others have shown that they can build them themselves," Soghoian said.

"It was a secret 20 years ago; it's not a secret anymore," he continued. "What's happening is that the government wants to have its cake and eat it too. It's pretty unrealistic that this thing will remain a secret forever. Our view is that once you can buy these things online, once there are PhD dissertations describing the stuff in detail, and once you can download stuff from the Internet, then it's not a secret anymore, and the FCC should stop treating it as one."

Stephanie Pell, a professor at the Army Cyber Institute at the West Point Military Academy told Ars that she believed the task force is a "positive first step."

"Ultimately, however, a solution that is only focused on further 'outlawing' the unauthorized, unlawful use of the IMSI-catcher technology is not a strong, or likely successful solution," she said. "The FCC will need to examine the vulnerabilities in cellular networks that allow the technology to intercept our communications. Chinese spies and tech-savvy criminals won't be deterred because their use of the technology is illegal—they will be deterred and hopefully thwarted if cellular networks aren't vulnerable to IMSI catchers."

As far as the task force is concerned, Soghoian said he was not aware of the details of what precisely it would entail. He hoped that it would include bona fide technical experts who have well-known credentials in mobile security and privacy.

"If the task force is just NSA, FBI, and the Secret Service, then that's like asking a group of foxes to guard the henhouse," he said. "Really what we would hope that the task force would include the Federal Trade Commission, the Department of Commerce, the National Institute of Standards and Technology, and agencies that have a more protective mission with regard to protecting consumers from hackers and other threats to their privacy. What's clear is that the FCC has known about these things for 20 years. The only way you will protect members of Congress, journalists, lawyers, or doctors is through encryption. Any effort to go after the devices is futile."

54 Reader Comments

What I would really like is for a governer or mayor to come out and be like "so, my staff can't find any cases where evidence from a 'stingray' device was used in a trial. It's clearly a waste of money and I order the police in my city/state to cease using and purchasing them immediately.

I tend to take a more pessimistic view of these "it's classified" claims. It seems to me the only reason that "it's classified" is rearing it's head in regards to the FOI requests is because after "it's classified" you don't have to say anything else. Any other response might lead to more questions.

Not only can stingrays be used to determine location, they can also intercept calls and text messages. Grayson seems primarily concerned with stingray use by criminals, terrorists, and foreign government agents.

Not only can stingrays be used to determine location, they can also intercept calls and text messages. Grayson seems primarily concerned with stingray use by criminals, terrorists, and foreign government agents.

Three groups that don't give a damn about the FCC.

Which is why we need to secure the network, not try to hide the details.

Not only can stingrays be used to determine location, they can also intercept calls and text messages. Grayson seems primarily concerned with stingray use by criminals, terrorists, and foreign government agents.

Three groups that don't give a damn about the FCC.

It's also quite a bit harder to get equipment that's been blocked by the FCC than not. Take cell phone jammers, for instance. Pretty simple device, all things considered, but tricky to get in the US.

Not only can stingrays be used to determine location, they can also intercept calls and text messages. Grayson seems primarily concerned with stingray use by criminals, terrorists, and foreign government agents.

Three groups that don't give a damn about the FCC.

It's also quite a bit harder to get equipment that's been blocked by the FCC than not. Take cell phone jammers, for instance. Pretty simple device, all things considered, but tricky to get in the US.

Tricky enough so that a trucker who didn't want to be tracked couldn't get one? And expensive enough that $100 or less is a financial barrier?

What I would really like is for a governer or mayor to come out and be like "so, my staff can't find any cases where evidence from a 'stingray' device was used in a trial. It's clearly a waste of money and I order the police in my city/state to cease using and purchasing them immediately.

You could say that of the entire NSA. Name one case where the NSA contributed evidence that directly led to the arrest or conviction of anyone. You can't, because even if they did it would be a secret. Which leads me to wonder if perhaps they have, and it's led to secret detention under the NDAA rather than an open arrest and trial.

I tend to take a more pessimistic view of these "it's classified" claims. It seems to me the only reason that "it's classified" is rearing it's head in regards to the FOI requests is because after "it's classified" you don't have to say anything else. Any other response might lead to more questions.

The only reason "its classified" is because if the truth came out the public would be outraged and their budget might get cut. Heads can roll, no problem - we'll blame Joe, nobody likes him anyway - but don't touch our budget!

What I would really like is for a governer or mayor to come out and be like "so, my staff can't find any cases where evidence from a 'stingray' device was used in a trial. It's clearly a waste of money and I order the police in my city/state to cease using and purchasing them immediately.

You could say that of the entire NSA. Name one case where the NSA contributed evidence that directly led to the arrest or conviction of anyone. You can't, because even if they did it would be a secret. Which leads me to wonder if perhaps they have, and it's led to secret detention under the NDAA rather than an open arrest and trial.

That's also kind of the point. They say they've stopped plenty of terrorists, but where's the evidence? We live in a very documentary society -- and one where one of the core tenants of our justice system is "show me." The fact that nobody can point to and say "we got this guy based on evidence from this" is a problem. Either they're hiding evidence, which goes against our justice system, or they're hiding the people they've nabbed (which is worse!), or the programs are, by and large, huge wastes of time and money.

Someone who knows how these things work: can this be defeated with encryption like Silent Circle or can they still get information from your carrier?

You can't make a call without giving the cell company your IMSI, so if the Stingray device (which to your phone looks like a legitimate cell tower) is doing its job and looks like a proper cell tower than can connect your call, your phone will give up your IMSI and the cops will then know you were there at that time. Even if they can't tap the call or read your texts, that's too much information for them to have without a warrant.

Not only can stingrays be used to determine location, they can also intercept calls and text messages. Grayson seems primarily concerned with stingray use by criminals, terrorists, and foreign government agents.

Three groups that don't give a damn about the FCC.

It's also quite a bit harder to get equipment that's been blocked by the FCC than not. Take cell phone jammers, for instance. Pretty simple device, all things considered, but tricky to get in the US.

Someone who knows how these things work: can this be defeated with encryption like Silent Circle or can they still get information from your carrier?

You can't make a call without giving the cell company your IMSI, so if the Stingray device (which to your phone looks like a legitimate cell tower) is doing its job and looks like a proper cell tower than can connect your call, your phone will give up your IMSI and the cops will then know you were there at that time. Even if they can't tap the call or read your texts, that's too much information for them to have without a warrant.

Since I have a contract with Verizon, I want my phone to only connect to Verizon cell towers. Does a stingray falsely transmit Verizon credentials (sounds illegal), or is the protocol that my phone asks "hey, are you a Verizon tower" and all they need to do is answer "yes"?

If, as the article reports, the technology has been around for 20 years, wouldn't that be sufficient to come up with a protocol that doesn't require my phone to broadcast identifying information in clear text?

Someone who knows how these things work: can this be defeated with encryption like Silent Circle or can they still get information from your carrier?

You can't make a call without giving the cell company your IMSI, so if the Stingray device (which to your phone looks like a legitimate cell tower) is doing its job and looks like a proper cell tower than can connect your call, your phone will give up your IMSI and the cops will then know you were there at that time. Even if they can't tap the call or read your texts, that's too much information for them to have without a warrant.

Since I have a contract with Verizon, I want my phone to only connect to Verizon cell towers. Does a stingray falsely transmit Verizon credentials (sounds illegal), or is the protocol that my phone asks "hey, are you a Verizon tower" and all they need to do is answer "yes"?

If, as the article reports, the technology has been around for 20 years, wouldn't that be sufficient to come up with a protocol that doesn't require my phone to broadcast identifying information in clear text?

So, you don't ever want roaming? If you're out of Verizon's area, you don't ever want to make or receive calls?

Someone who knows how these things work: can this be defeated with encryption like Silent Circle or can they still get information from your carrier?

You can't make a call without giving the cell company your IMSI, so if the Stingray device (which to your phone looks like a legitimate cell tower) is doing its job and looks like a proper cell tower than can connect your call, your phone will give up your IMSI and the cops will then know you were there at that time. Even if they can't tap the call or read your texts, that's too much information for them to have without a warrant.

Since I have a contract with Verizon, I want my phone to only connect to Verizon cell towers. Does a stingray falsely transmit Verizon credentials (sounds illegal), or is the protocol that my phone asks "hey, are you a Verizon tower" and all they need to do is answer "yes"?

If, as the article reports, the technology has been around for 20 years, wouldn't that be sufficient to come up with a protocol that doesn't require my phone to broadcast identifying information in clear text?

So, you don't ever want roaming? If you're out of Verizon's area, you don't ever want to make or receive calls?

I never want to connect to some unknown carrier at some unknown rate. If I happen to be between two buildings where there is a dead spot for Verizon but good reception for AT&T, then my phone doesn't spontaneously connect to AT&T's tower, does it? If I travel abroad and want to use my Verizon phone number there, then I need to do some setup with my phone so that I connect to a specific Verizon partner rather than some random phone tower. By itself, none of this seems to require broadcasting an id to unknown providers.

Harris doesn't sell to terrorists, foreign agencies, or hobbyists.Like most gov suppliers they have a tedious process to go through to buy anything.Harris gear is budget busting. Its not a magic box or old engineering test set of the 80's.Training to use the gear is over a week and isn't cheap, nor is it open to just anyone with a fat checkbook.ACLU needs to get their heads out of their behinds on this.The technology is for finding bad guys. It wont open the camera on your droid, it wont harvest your porn collection and it cant obtain historical data. Its similar to a MITM attack used on wifi signals.People who don't know what they're talking about should just STFU. This technology has been used to find bad guys that want to kill americans at home and abroad.ACLU should focus on data harvesting by facebook and other social stupidity sites that are wolves in sheeps clothing under the guise of kittens and meme's.For those who are really blind. read your agreement with the carrier your cell service is with. You opt to providing more than any harris product could scavenge simply by signing that annoying long cash register receipt with a zillion words......geez

Will someone please write an app that can fingerprint a the cell tower's radio you are connected to, then merge it with open signal's database of towers and add GPS data to the mix... then detect if the "tower" moves in GPS.. instant anti-stingray. There has to be a simple countermeasure.

Will someone please write an app that can fingerprint a the cell tower's radio you are connected to, then merge it with open signal's database of towers and add GPS data to the mix... then detect if the "tower" moves in GPS.. instant anti-stingray. There has to be a simple countermeasure.

I've got an app that turns off WiFi to save power when I'm not at home or the office. It knows where I am by knowing what cell towers are near my home and my office. It even shows me the list of cell towers it "sees" at any time, so I can add/remove locations where it should turn on/off my WiFi. If this free app can show me a list of cell towers then an anti-Stingray app shouldn't be too difficult.

They are just using that as a foil to prevent discussion/debate so LEOs can continue to use the tech.

From the article, it sounds like the FCC didn't create their "task force" until some Congress person (Grayson) pushed them on it. I would not be surprised that the "task force" deliberately stalls and/or comes up with nothing of consequence - the FCC and the government LEOs that use the tech, hoping that this "discussion" just fades away from lack of interest.

no fear mongering, just being realistic......there's a load of open source stuff on this.i value and respect privacy.i dont value bad guys killing our troops and citizens when a good piece of tech can shut them down beforehand.....

Provide one instance of the use of a Stingray preventing "bad guys" from "killing our troops."

Harris doesn't sell to terrorists, foreign agencies, or hobbyists.Like most gov suppliers they have a tedious process to go through to buy anything.Harris gear is budget busting. Its not a magic box or old engineering test set of the 80's.Training to use the gear is over a week and isn't cheap, nor is it open to just anyone with a fat checkbook.ACLU needs to get their heads out of their behinds on this.The technology is for finding bad guys. It wont open the camera on your droid, it wont harvest your porn collection and it cant obtain historical data. Its similar to a MITM attack used on wifi signals.People who don't know what they're talking about should just STFU. This technology has been used to find bad guys that want to kill americans at home and abroad.ACLU should focus on data harvesting by facebook and other social stupidity sites that are wolves in sheeps clothing under the guise of kittens and meme's.For those who are really blind. read your agreement with the carrier your cell service is with. You opt to providing more than any harris product could scavenge simply by signing that annoying long cash register receipt with a zillion words......geez

People who don't know what they're talking about should just STFU. This technology has been used to find bad guys that want to kill Americans at home and abroad.ACLU should focus on data harvesting by fakebook and other social stupidity sites that are mere wolves in sheeps clothing under the guise of kittens and meme's.

Alright, let us for a moment assume that you are right - and I am stretching quite a lot when I say that, but here comes a following hypothetical question. What if it is redirected to people who are NOT the bad guys? How does one know towards whom it is directing at the moment, worse, how does one prevent it from aiming innocent citizens when the decision is made based upon "for national security"?

no fear mongering, just being realistic......there's a load of open source stuff on this.i value and respect privacy.i dont value bad guys killing our troops and citizens when a good piece of tech can shut them down beforehand.....

Provide one instance of the use of a Stingray preventing "bad guys" from "killing our troops."

That kind of poses an important question or two. If this cell tower tracking is classified in the military secrets sense of he word, is the government of the United States conducting domestic military operations during times of peace? Is this not a violation of the Posse Comitatus Act? Also can anyone verify that the state of Washington may have a predator drone equipped with hellfire missiles in operation up there?

Note that in theory, the Stingray needs a FCC product ID. The manufacturer had to prove it doesn't have out of band emissions. However, what usually happens is the manufacturer submits a request to not publish proprietary information.

That kind of poses an important question or two. If this cell tower tracking is classified in the military secrets sense of he word, is the government of the United States conducting domestic military operations during times of peace? Is this not a violation of the Posse Comitatus Act? Also can anyone verify that the state of Washington may have a predator drone equipped with hellfire missiles in operation up there?

I'm really sure no state has Hellfire class missiles. That is strictly USAF and CIA. Note that inert missiles have a blue stripe or are totally painted blue. I've seen Predator and Reaper variants in flight, but only with inert missiles and always with a chase plane except over a reservation.

Posse Comitatus is for all intents and purposes dead since the inception of fusion centers. But if you want to get picky, a Posse Comitatus violation would require the military operating the gear.

That kind of poses an important question or two. If this cell tower tracking is classified in the military secrets sense of he word, is the government of the United States conducting domestic military operations during times of peace? Is this not a violation of the Posse Comitatus Act? Also can anyone verify that the state of Washington may have a predator drone equipped with hellfire missiles in operation up there?

I'm really sure no state has Hellfire class missiles. That is strictly USAF and CIA. Note that inert missiles have a blue stripe or are totally painted blue. I've seen Predator and Reaper variants in flight, but only with inert missiles and always with a chase plane except over a reservation.

Posse Comitatus is for all intents and purposes dead since the inception of fusion centers. But if you want to get picky, a Posse Comitatus violation would require the military operating the gear.

Not wanting to get picky either because this is not an area I have any expertise in. Had the drone and hellfire information not come from a long time friend and respected member of law enforcement that I have known personally for decades I would have completely discounted it. That person said it is most worrisome at all the "free military hardware" that is being dispensed within this country.

Will someone please write an app that can fingerprint a the cell tower's radio you are connected to, then merge it with open signal's database of towers and add GPS data to the mix... then detect if the "tower" moves in GPS.. instant anti-stingray. There has to be a simple countermeasure.

That kind of poses an important question or two. If this cell tower tracking is classified in the military secrets sense of he word, is the government of the United States conducting domestic military operations during times of peace? Is this not a violation of the Posse Comitatus Act? Also can anyone verify that the state of Washington may have a predator drone equipped with hellfire missiles in operation up there?

I'm really sure no state has Hellfire class missiles. That is strictly USAF and CIA. Note that inert missiles have a blue stripe or are totally painted blue. I've seen Predator and Reaper variants in flight, but only with inert missiles and always with a chase plane except over a reservation.

Also,Posse Comitatus is for all intents and purposes dead since the inception of fusion centers. But if you want to get picky, a Posse Comitatus violation would require the military operating the gear.

Well, actually the US Army probably uses more of them fired from Apaches, but I won't quibble without citations.Also, Posse Comitatus does not apply to JSOC operations within the US due to Presidential Directive signed by Clinton, I don't recall the PD number, I think it was 21-1 or something.

Will someone please write an app that can fingerprint a the cell tower's radio you are connected to, then merge it with open signal's database of towers and add GPS data to the mix... then detect if the "tower" moves in GPS.. instant anti-stingray. There has to be a simple countermeasure.

I have a feeling these are used in many states and towns big and small throughout the U.S.. And everyone should be worried, not just those breaking the law. It's also not just the police using them. I find it very disconcerting it can intercept and reveal everyone's phone calls while in range. Also have a little nitpick. "Last years, Ars reported on leaked documents showing the existence of a body-worn stingray" Well which if the last year(s) was it?

The only real reason that the records for these devices would/should be classified is for national security reasons. Their use for warrantless, illegal wiretaps by local police forces,(which is probably what they're most used for) would simply be illegal, and prosecutable, but not classified.

The few cases where they're being used, without a warrant, to surveil folks on the terrorist watch list (there are over 1 million people now) would be the excuse for why these documents remain classified.

I think we're going to have to go to full-on encryption of all communications, including voice calls, to thwart the bullshit being perpetrated by these nitwits. Their assumption of a right to spy on anyone without evidence of wrongdoing, based merely on suspicion, without legitimate judicial oversight, is definitely draconian and Orwellian. It will not stop at this level anymore than the watch list will remain at 1 million. (Police/LEOs are not drawn from the smartest people in your high school classes, or even the most ethical.)